Lucene search
K

141 matches found

OSV
OSV
added 2021/12/21 6:15 p.m.2 views

UBUNTU-CVE-2021-45292

The gfisomhintrtpread function in GPAC 1.0.1 allows attackers to cause a denial of service Invalid memory address dereference via a crafted file in the MP4Box command...

5.5CVSS7.3AI score0.00622EPSS
Exploits1References4
OSV
OSV
added 2021/10/25 10:15 p.m.19 views

ALPINE-CVE-2021-41105

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated...

7.5CVSS7AI score0.0244EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2021/08/05 8:15 p.m.2 views

CVE-2021-36584

An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gprtpbuilderdotx3g function in ietf/rtppck3gpp.c, as demonstrated by MP4Box. This can cause a denial of service DOS...

5.5CVSS7AI score0.00757EPSS
Exploits1References2
OSV
OSV
added 2021/08/05 8:15 p.m.3 views

UBUNTU-CVE-2021-36584

An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gprtpbuilderdotx3g function in ietf/rtppck3gpp.c, as demonstrated by MP4Box. This can cause a denial of service DOS...

5.5CVSS7.5AI score0.00757EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/03 12:0 a.m.6 views

Qualcomm 组件缓冲区错误漏洞

The Qualcomm Component is a component of Qualcomm Incorporated USA. An intrinsic part that provides the functionality of Qualcomm devices. A security vulnerability exists in the Qualcomm Component that stems from a buffer over-read when decompressing RTCP packets, where we may read additional byt...

9.4CVSS8.5AI score0.00913EPSS
Exploits0References5
OSV
OSV
added 2021/02/18 9:15 p.m.4 views

ALPINE-CVE-2021-26712

Incorrect access controls in ressrtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets...

7.5CVSS7.1AI score0.03587EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/02/02 12:0 a.m.6 views

The vulnerability in the implementation of the WebRTC technology for browser-based applications by Mozilla Firefox and Firefox-ESR allows a attacker to induce a service failure.

The vulnerability of the WebRTC streaming data transmission technology in Mozilla Firefox and Firefox-ESR implementations is related to an inappropriate type of payload type in the RTP packets sent. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

9.3CVSS7.4AI score0.02393EPSS
Exploits0References11Affected Software7
RedHat Linux
RedHat Linux
added 2020/09/29 8:27 p.m.5 views

libsrtp: buffer overflow in application of crypto profiles

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service crash via vectors related to a length inconsistency in the cryptopolicysetfromprofileforrtp and srtpprotect functions...

2.6CVSS5.9AI score0.0299EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/14 5:54 p.m.6 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

8.8CVSS7.2AI score0.02994EPSS
Exploits0References6
CNVD
CNVD
added 2020/03/13 12:0 a.m.2 views

Unspecified Vulnerability in Mitel Networks 6800 and 6900 SIP Series

Mitel Networks 6800 SIP and Mitel Networks 6900 SIP are both products of Mitel Networks Canada.Mitel Networks 6800 SIP is a 6800 SIP series IP phone.Mitel Networks 6900 SIP is a 6900 Mitel Networks 6900 SIP is a 6900 SIP series IP phone. A security vulnerability exists in the SRTP 128-bit key...

5.9CVSS6.5AI score0.00513EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/02/11 8:35 a.m.5 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

8.8CVSS7.2AI score0.02994EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/01/27 3:10 p.m.3 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

8.8CVSS7.2AI score0.02994EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/12/10 12:25 p.m.5 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

8.8CVSS7.2AI score0.02994EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2019/11/11 12:0 a.m.6 views

The vulnerability of the RTP protocol implementation in the VideoLAN VLC media player software allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the RTP protocol implementation in the VideoLAN VLC media player lies in buffer overflows in the dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by using a specially created ogg file...

10CVSS7.3AI score0.01486EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2018/12/31 10:29 p.m.3 views

CVE-2018-6344

A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to...

7.5CVSS5.8AI score0.01949EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2018/12/31 12:0 a.m.9 views

PT-2018-17492 · Whatsapp · Whatsapp For Ios +2

Name of the Vulnerable Software and Affected Versions: WhatsApp for Android versions prior to 2.18.293 WhatsApp for iOS versions prior to 2.18.93 WhatsApp for Windows Phone versions prior to 2.18.172 Description: A heap corruption issue can occur in WhatsApp due to a malformed RTP packet being se...

7.5CVSS7.5AI score0.01949EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2018/10/10 7:29 a.m.4 views

Just Answering A Video Call Could Compromise Your WhatsApp Account

What if just receiving a video call on WhatsApp could hack your smartphone? This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just b...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2018/03/15 11:6 a.m.7 views

Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR 52.7 and Firefox 59...

8.8CVSS7.3AI score0.02393EPSS
Exploits0References5
OSV
OSV
added 2017/09/02 4:29 p.m.4 views

UBUNTU-CVE-2017-14099

In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...

7.5CVSS7.2AI score0.0433EPSS
Exploits0References8
OSV
OSV
added 2017/09/02 4:29 p.m.1 views

DEBIAN-CVE-2017-14099

In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...

7.5CVSS7.5AI score0.0433EPSS
Exploits0References1
Rows per page
Query Builder